PHP plugs security holes

The open-source PHP Group has issued a patch for at least four security flaws in the widely-used general-purpose scripting language.

With PHP 5.2.9 (see changeLog), the PHP development team corrects a total of 50 bugs, including a publicly-known flaw that allows attackers to read the contents of arbitrary memory locations in certain situations.

Here’s the skinny on that issue, which is rated medium-severity:

  • Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.

The other security fixes in PHP 5.2.9 are:

  • Fixed a crash on extract in zip when files or directories entry names contain a relative path. (Pierre)
  • Fixed explode() behavior with empty string to respect negative limit. (Shire)
  • Fixed a segfault when malformed string is passed to json_decode(). (Scott)

ALSO SEE:

Flaw trifecta kicks off Month of PHP Bugs

Controversial ‘month of bugs’ getting security results

[Source: zdnet]

0 comments